Main Vulnerability Database Vulnerabilities #VU34809

Resource exhaustion in Jenkins - CVE-2012-0785

Published: February 24, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34809

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-0785

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Jenkins

Affected software:
Jenkins

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."

How to mitigate CVE-2012-0785

Install update from vendor's website.

Sources

http://www.openwall.com/lists/oss-security/2012/01/20/8
https://access.redhat.com/security/cve/cve-2012-0785
https://jenkins.io/security/advisory/2012-01-12/
https://security-tracker.debian.org/tracker/CVE-2012-0785
https://www.cloudbees.com/jenkins-security-advisory-2012-01-12

Resource exhaustion in Jenkins - CVE-2012-0785

Detailed vulnerability description

How to mitigate CVE-2012-0785

Sources

Please verify you're human